A simple chroot of bind9.2.3 on FreeBSD5.x (DNS server tutorial)
Author: anonymous | Source: unknown | Published: 2006-6-19 17:58:02 | Posted by: chjchjchj
Abstract: A simple chroot of bind9.2.3 on FreeBSD5.x. FreeBSD5.2.1-RELEASE-p8, bind9.2.3 installed by port_replace_base.
Note: this is just my installation memo, not a text about named.
[code:1:d452d51f00]
$ man named
......
OPTIONS
    -t directory
        chroot() to directory after processing the command line arguments, but before reading the configuration file.
        Warning: This option should be used in conjunction with the -u option, as chrooting a process running as root doesn't enhance security on most systems; the way chroot() is defined allows a process with root privileges to escape a chroot jail.
......
# ps -ax|grep named
2611  ??  Ss     0:00.79 /usr/sbin/named -c /etc/namedb/named.conf -u bind
[/code:1:d452d51f00]
The original bind working directories in FreeBSD 5.x:
[code:1:d452d51f00]
working directory:
    /etc/namedb
    /var/run/named
    /etc
    /dev

file options of the original named.conf:
......
include "/etc/namedb/rndc.key";

controls {
    inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
    inet ::1 allow { localhost; } keys { "rndc-key"; };
};

options {
    directory "/etc/namedb";
    pid-file "/var/run/named/pid";
    version "Windows 95";
    recursion no;
    auth-nxdomain yes;
    listen-on-v6 { any; };
    dump-file "s/named_dump.db";
};

logging {
    channel bind_log {
        file "/var/log/named/named.log";
        severity info;
    };
    category xfer-out { bind_log; };
    category default { default_syslog; };
};

zone "." {
    type hint;
    file "named.root";
};
......
[/code:1:d452d51f00]
Then let's run named with the "-t" option.
Step 1: Check what the chrooted named process needs.
[code:1:d452d51f00]
/var/named ($chroot)
+---dev/
|   +null
|   +random
+---etc/
|   +localtime
|   +namedb/
|       +named.conf
|       +rndc.conf
|       +rndc.key
|       +*.zone
|       +*.rev
|       +named.root
|       +s/
+---var/
    +log/
    |   +named/named.log
    +run/
        +named/
            +pid
[/code:1:d452d51f00]
Step 3: Make the new chroot directory for bind9.
[code:1:d452d51f00]
# cd /var/ && mkdir named && cd /var/named
# mkdir -p dev etc/namedb dev var/run/named var/log/named
# cd dev && mknod null c 1 3 && mknod random c 249 0 && chmod 666 *
# cd ../etc && cp /etc/localtime .
# cd namedb ; cp -Rp /etc/namedb/* .
# cd ../../var ; chown -R bind:bind *
[/code:1:d452d51f00]
Step 4: Restart the named service.
[code:1:d452d51f00]
# kill `cat /var/run/named/pid`
# /usr/sbin/named -t /var/named -c /etc/namedb/named.conf -u bind
# ps -aux | grep named
bind  2858  1.8  1.6  4168  2900  ??  Ss  9:36AM  0:00.13 /usr/sbin/named -t /var/named -c /etc/namedb/named.conf -u bind
# tail /var/log/messages
May 30 09:36:26 tech named[2858]: starting BIND 9.2.3 -t /var/named -c /etc/namedb/named.conf -u bind
May 30 09:36:26 tech named[2858]: command channel
[/code:1:d452d51f00]
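As an added example (not part of the original memo), a small POSIX sh script that builds the chroot tree laid out in Step 1 under a root directory of your choosing, verifies that every path named.conf refers to is present before named is started, and checks a ps(1) line for the -t/-u pairing the man page warns about. The function names, the placeholder files for anything missing on the host, and the FreeBSD-only device node creation are my assumptions.

```shell
#!/bin/sh
# Added example, not part of the original memo: build the chroot tree the memo
# lays out under any root directory, then verify it before starting named.
# Assumptions: device nodes are created only as root on FreeBSD, with the
# memo's numbers (null c 1 3, random c 249 0); files absent on this host
# become empty placeholders (constructed), so the check can still run.

# Directories and files that named.conf refers to, relative to the chroot.
CHROOT_DIRS="dev etc/namedb/s var/run/named var/log/named"
CHROOT_FILES="etc/localtime etc/namedb/named.conf etc/namedb/rndc.key etc/namedb/named.root"

# make_chroot ROOT: create the layout (add zone files and rndc.conf as needed).
make_chroot() {
    root="$1"
    for d in $CHROOT_DIRS; do
        mkdir -p "$root/$d" || return 1
    done
    for f in $CHROOT_FILES; do
        [ -e "$root/$f" ] && continue
        if [ -f "/$f" ]; then cp -p "/$f" "$root/$f" || return 1
        else : > "$root/$f"; fi      # empty placeholder (constructed)
    done
    if [ "$(id -u)" -eq 0 ] && [ "$(uname)" = FreeBSD ]; then
        mknod "$root/dev/null" c 1 3 2>/dev/null && chmod 666 "$root/dev/null"
        mknod "$root/dev/random" c 249 0 2>/dev/null && chmod 666 "$root/dev/random"
    fi
    return 0
}

# check_chroot ROOT: return 0 when every path named needs is present, 1 if not.
check_chroot() {
    root="$1"; missing=0
    for d in $CHROOT_DIRS; do
        [ -d "$root/$d" ] || { echo "missing dir: $root/$d"; missing=1; }
    done
    for f in $CHROOT_FILES; do
        [ -f "$root/$f" ] || { echo "missing file: $root/$f"; missing=1; }
    done
    return $missing
}

# named_is_confined "PS LINE": succeed only when named runs with both -t
# (chroot) and -u (unprivileged user), the pairing the man page warns about.
named_is_confined() {
    case " $1 " in *" -t "*) ;; *) return 1 ;; esac
    case " $1 " in *" -u "*) return 0 ;; *) return 1 ;; esac
}
```

check_chroot does not look at the device nodes, which only exist when the script ran as root on FreeBSD; on a real host run it as root against /var/named before the named command in Step 4.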